package cn.zj.ssm.controller;

import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;

@RequestMapping("/user")
@Controller
public class UserController {

	
	/*
	 * 此方法是Shiro认证失败以后的跳转方法
	 * 
	 */
	
	@RequestMapping("/login")
	public String login(HttpServletRequest request,Model m) {
		/*
		 * 获取认证失败的错误信息
		 * 
		 * 没有认证，强制访问一个，也会跳转认证失败页面，但是不会共享错误信息
		 * 
		 */
		String shiroLoginFailure = (String) request.getAttribute("shiroLoginFailure");
		System.out.println("shiroLoginFailure :"+shiroLoginFailure);
		//org.apache.shiro.authc.UnknownAccountException
		//org.apache.shiro.authc.IncorrectCredentialsException
		
		//注意：shiroLoginFailure 可能为 null ，所以不能放在前面比较
		if(UnknownAccountException.class.getName().equals(shiroLoginFailure)) {
			m.addAttribute("errorMsg", "亲。账号不存在");
		}else if(IncorrectCredentialsException.class.getName().equals(shiroLoginFailure)) {
			m.addAttribute("errorMsg", "亲。密码错误");
		}

		//请求转发
		return "forward:/login.jsp";
	}
	
	
	/*
	 * 
	 * @RequiresPermissions("user:list")
	 * Shiro框架的权限注解
	 */
	@RequiresPermissions("user:list")
	@RequestMapping("/list")
	public String list() {
		
		
		return "user_list";
	}
	

	@RequiresPermissions("user:delete")
	@RequestMapping("/delete")
	public String delete() {
		
		System.out.println("开始删除用户了.....");
		return "redirect:/user/list.do";
	}
	
}
